License activation system

driveirk · July 21, 2023, 8:42pm

Hello
I’m trying to automate license installation and activation. Activating a license through a file or a variable works, but then I cannot change the key through the browser, they say that it is necessary to change the variable and restart kibana, this does not suit me.
There remains the option with the API, but it does not work for me. Can you suggest what I’m doing wrong?

curl -XPOST -k 'https://host:5601/pkp/license' -d '{"token": "key"}' -H 'Content-Type: application/json'

answer:

{"statusCode":404,"error":"Not Found","message":"Not Found"}

In my config I have

readonlyrest_kbn.whitelistedPaths: [".*/api/status$", ".*/pkp/license$"]

If I remove this line, then for a request without authorization I get:

curl -XPOST -k 'https://host:5601/pkp/license' -d '{"token": "key"}' -H 'Content-Type: application/json'
Found. Redirecting to /logout?nextUrl=%2Fpkp%2Flicense%

With authorization

curl -u user:pass -XPOST -k 'https://host:5601/pkp/license' -d '{"token": "key"}' -H 'Content-Type: application/json'
Found. Redirecting to /logout?nextUrl=%2Fpkp%2Flicense%

Tell me what am I doing wrong?

ReadonlyREST
Enterprise 1.49.1_es7.15.1

{“customer_id”: “6c4a385b-2ae8-4f02-a9cd-ef24addfb5b3”, “subscription_id”: “32d4073f-dc2f-4056-a868-842727c637cd”}

driveirk · July 21, 2023, 8:45pm

Perhaps the SSL settings from the kibana config will be useful:

server.port: 5601
server.host: "0.0.0.0"

elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: login
elasticsearch.password: pass

readonlyrest_kbn.clearSessionOnEvents: ["login"]
readonlyrest_kbn.kibana_custom_css_inject: "[data-test-subj*=spacesNavSelector] { display: none !important } [data-test-subj*=homeLink] { display: none !important } [data-test-subj*=discover-addRuntimeField-popove] { display: none !important } [data-test-subj*=discoverOptionsButton] { display: none !important }"
readonlyrest_kbn.kibana_custom_js_inject: "$('[data-test-subj*=spacesNavSelector]').remove() $('[data-test-subj*=homeLink').remove() $('[data-test-subj=discover-addRuntimeField-popover').remove() $('[data-test-subj*=discoverOptionsButton]').remove()"
readonlyrest_kbn.cookiePass: "cook"
readonlyrest_kbn.cookieName: "ror"
readonlyrest_kbn.store_sessions_in_index: true
readonlyrest_kbn.sessions_index_name: ".readonlyrest"
readonlyrest_kbn.sessions_refresh_after: 100
readonlyrest_kbn.whitelistedPaths: [".*/api/status$"]
readonlyrest_kbn.sessions_probe_interval_seconds: 600

server.ssl.enabled: true
server.ssl.keystore.path: "/etc/kibana/cert.p12"
server.ssl.keystore.password: ""
server.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]
elasticsearch.ssl.alwaysPresentCertificate: true
elasticsearch.ssl.verificationMode: none
migrations.enableV2: false
monitoring.enabled: false
console.enabled: true

sscarduzio · July 21, 2023, 9:12pm

I’m out of office now, and cannot check the code or test. But what I would do is: open chrome dev tools on the network tab, and try save a new activation key (random string, doesn’t matter) from kibana ror ui. Then observe the xhr request being logged in dev tools.

Dzuming · July 22, 2023, 3:52pm

Hi @driveirk

Could you try something like this?

curl -X 'POST' \
        -v \
        -k \
        -u <YOUR_USERNAME>:<YOUR_PASSWORD> \
        'https://localhost:5601/pkp/api/license?overwrite=true' \
        -H 'Content-Type: application/json' \
        -d '{"token": "<YOUR_TOKEN>"}'

driveirk · July 24, 2023, 8:31am

This url works. You need to change the url to /pkp/api/license?overwrite=true in the documentation
Here is a link to the bug in the documentation:

sscarduzio · July 24, 2023, 8:46am

Thanks @driveirk, @Dzuming can you take care of updating the docs?

driveirk · September 1, 2023, 1:23pm

I just want to notify you that the documentation has not yet been updated.

sscarduzio · September 1, 2023, 1:49pm

It’s in the develop branch of the documentation, you can switch using the top left dropdown menu in the docs.

As soon as we release, it will be present.